Kotti 0.9

A user-friendly, light-weight and extensible web content managementsystem, based on Pyramid and SQLAlchemy. |build status|_

Kotti is most useful when you are developing applications that

- have complex security requirements,- use workflows, and/or- work with hierarchical data.

Built on top of a number of *best-of-breed* software components, mostnotably Pyramid_ and SQLAlchemy_, Kotti introduces only a few conceptsof its own, thus hopefully keeping the learning curve flat for thedeveloper.

For a complete list of contributors, seehttps://github.com/Kotti/Kotti/graphs/contributors

Change History==============

0.9 - 2013-09-17----------------

- Add multi file content upload. You can now select several files from your local storage that you want to upload and chose what content nodes shall be created in your Kotti site. Currently files with MIME types of ´´image/*´´ can be uploaded and be created as either ``Image`` or ``File`` nodes, all other MIME types will be created as ``File``. In future releases (or add-on products) this can be extended with additional converters allowing for example to upload HTML files and create ``Document`` nodes with the content of the ``title`` tag becoming the node's title, the content of the ``body`` tag becoming the node's body and so on.

- Fix #253: Many translations weren't included in the last release.

'--use-fuzzy' translations when running 'compile_catalog' adds back translations that were recently marked as fuzzy. (All translations that were marked as fuzzy in German were still accurate.)

- Add ``kotti.util.ViewLink.visible`` method for better control over whether a view link should be visible or not. This allows us to move formerly hardcoded action links defined in ``kotti.views.edit.actions`` into ``TypeInfo.action_links`` and thus make them configurable either globally or per content type.

- ``kotti.security.view_permitted`` will now check for ``pyramid.security.view_execution_permitted`` with a request method set to 'GET' by default. It used to check for a view that matches the current request's method.

This fixes an issue where ``kotti.util.ViewLink.permitted`` would by mistake check for a 'POST' view when the current request was 'POST'.

- Add ``INavigationRoot`` interface and ``TemplateAPI.navigation_root`` property. The latter returns the first content node in the lineage that implements ``INavigationRoot`` or the root node if ``INavigationRoot`` is not implemented by any node in the lineage. Make the ``nav.pt`` template use ``api.navigation_root`` instead of ``api.root``. This allows third party add-ons to define content types that can reside somewhere in the content tree while still being the root for the navigation.

- Move navigation related view code to new module ``kotti.views.navigation``. Deprecate imports from the old locations.

- Remove *some* code that has been deprecated in 0.6 or 0.7.

- A view assigned to a slot can access the slot name where its rendered.

- Add helper method `kotti.message.send_email` for sending general emails. These emails must follow a particular structure. Look at `kotti:templates/email-set-password.pt` as an example.

0.9a2 - 2013-05-04------------------

- Fix #222: Use SQLAlchemy's `before_flush` event for object events.

We were using the wrong events previously. The problem with `before_insert`, `before_update`, and `before_delete` was that event handlers could not reliably call `Session.add`, `Session.delete`, and change mapped relationships. But only SQLAlchemy 0.8 started emitting a warning when that was done.

Also deprecated `ObjectAfterDelete` because I don't think it's useful.

- Remove the html5shim from the master templates and use the fanstatic package js.html5shiv instead.

- Add a fanstatic.Group 'tagit' and need() it in the defered widget. This is needed to make the tags widget render correctly with a theme package enabled until the defered widget is replaced by a widget class that declares its requirements in the usual deform style.

- Remove test related dependencies on requirements.txt. So now we need to run `python setup.py dev` to get testing dependencies.

- Update packages versions on requirements.txt for latest working versions.

- Added a tags display in views for documents, files, folders, and images, where they show up as a horizontal list between description and body.

- Modified general search to include simple tags searching. The default search in Kotti works on a simple search term matching basis. Tags searching is added here in a simple fashion also, such that you can only search for one tag at a time, but partial matches work: searching for 'foo' finds content tagged 'foo bar'. You can also search on single tags by clicking an individual tag in the tags display of an item. More sophisticated tags searching, just as for general search, is left to dedicated add-ons.

0.8a1 - 2012-11-13------------------

- Make language-dependent URL normalization the default. (How to do this used to be a cookbook entry.)

- Cleanup node edit actions and use decorated view classes.

- Add contents view with actions for multiple items.

- Add children_with_permission method to ContainerMixin.

- Add UI for default_view selection.

- Deprecate 'kotti.views.edit.generic_add' and 'generic_edit'. Just use class-based forms instead.

- Added IFile and IImage interfaces to allow for file and image subclasses to reuse the same view (registrations).

0.7.1 - 2012-08-30------------------

- Add deletion of users to the users management.

- Fix tag support for files and images.

- Upgrade to Twitter Bootstrap 2.1

- remove lots of CSS that is no longer needed

- fix responsive layout that was broken on some phone size screen resolutions

- Add "Site Setup" submenu / remove @@setup view.

0.7 - 2012-08-16----------------

- Fix critical issue with migrations where version number would not be persisted in the Alembic versions table.

0.7rc1 - 2012-08-14-------------------

- No changes.

0.7a6 - 2012-08-07------------------

- Fix a bug with connections in the migration script. This would previously cause Postgres to deadlock when calling ``kotti-migrate``.

0.7a5 - 2012-08-07------------------

- Add workflow support based on ``repoze.workflow``. A simple workflow is included in ``workflow.zcml`` and is active by default. Use ``kotti.use_workflow = 0`` to deactivate. The workflow support adds a drop-down that allows users with ``state_change`` permission to modify the workflow state.

- Change the default layout

Kotti's new default look is now even closer to the Bootstrap documentation, with the main nav bar at the very top and the edit bar right below.

Upgrade note: if you have a customized main_template and want to use the recent changes in that template, you need to swap positions of ``nav.pt`` and ``editor-bar.pt`` ``api.render_template`` calls and remove the ``search.pt`` call from the main_template (it's now called from within ``nav.pt``). Everything else is completely optional.

- Add migrations via Alembic. A new script ``kotti-migrate`` helps with managing database upgrades of Kotti and Kotti add-ons. Run ``kotti-migrate <your.ini> upgrade`` to upgrade the Kotti database to the latest version.

Add-on authors should see the ``kotti.migrate`` module's docstring for more details.

- Make ``Document.body`` searchable (and therefore the search feature actually useful for the first time).

- Add a "minify" command to compress CSS and JS resources.

To use it run::

python setup.py dev python setup.py minify

The ``minify`` command assumes, that all resources are in ``kotti/static/``. ``YUI compressor`` is used for compression and will be automatically installed when running ``python setup.py dev``. However, you still need a JVM on your development machine to be able to use the ``minify`` command.

- Fix settings: only values for kotti* keys should be converted to unicode strings.

- Upgrading from 0.6 to 0.7 requires you to run a migration script on your database. To run the migration, call::

$ bin/kotti-migrate <myconfig.ini> upgrade

Make sure you **backup** your database before running the migration!

- Upgrading to 0.7 will initialize workfow state and permissions for all your content objects, unless you've overwritten ``kotti-use_workflow`` to not use a workflow (use ``0``) or a custom one.

It is **important** that sites that have custom permissions, e.g. custom modifications to SITE_ACL, turn off workflow support prior to running the upgrade script.

0.7a4 - 2012-06-25------------------

- Add minified versions JS/CSS files.

- Fix #88: logging in with email.

- Update translations.

0.7a3 - 2012-06-15------------------

- Include ``kotti.tinymce`` which adds plug-ins for image and file upload and content linking to the TinyMCE rich text editor.

- Slot renderers have been replaced by normal views (or viewlets). ``kotti.views.slots.register`` has been deprecated in favour of ``kotti.views.slots.assign_slot``, which works similarly, but takes a view name of a registered view instead of a function for registration.

- Switch to fanstatic for static resource management.

Upgrade note: This requires changes to existing `*.ini` application configuration files. Concretely, you'll need to add a ``filter:fanstatic`` section and a ``pipeline:main`` section and rename an existing ``app:main`` section to ``app:Kotti`` or the like. Take a look at Kotti's own ``development.ini`` for an example.

- Retire the undocumented ``kotti.resources.Setting`` class and table. ``kotti.get_settings`` will now return ``registry.settings`` straight, without looking for persistent overrides in the database.

- Drop support for Pyramid<1.3, since we use ``pyramid.response.FileResponse``, and kotti_tinymce uses ``pyramid.view.view_defaults``.

- Fix encoding error with non-ascii passwords.

0.7a2 - 2012-06-07------------------

- Do not allow inactive users to reset their password.

0.7a1 - 2012-06-01------------------

Features~~~~~~~~

- Add a new 'Image' content type and image scaling, originally from the kotti_image_gallery add-on. See ``kotti.image_scales.*`` settings.

- Add search and related setting ``kotti.search_content``.

- Add subscriber to set cache headers based on caching rules. See also related setting ``kotti.caching_policy_chooser``.

- Remove TinyMCE from the core.

- Move email templates into page templates in ``kotti:templates/email-set-password.pt`` and ``kotti:templates/email-reset-password.pt``. This is to make them easier to translate and customize. This deprecates ``kotti.message.send_set_password``.

- Add a 'edit_inhead' slot for stuff that goes into the edit interface's head. 'inhead' is no longer be used in 'edit/master.pt'.

- For more details, see also http://danielnouri.org/notes/2012/05/28/kotti-werkpalast-sprint-wrap-up/

Bugs~~~~

- Fix bug with group edit views. See https://github.com/Pylons/Kotti/pull/61

- Fix bug where ``user.last_login_date`` was not set during automic login after the set password screen.

0.6.3 - 2012-05-08------------------

- Add tag support. All content objects now have tags. They can be added in the UI using the "jQuery UI Tag-it!" widget. See https://github.com/Pylons/Kotti/pull/55 .

- You can also append to 'Node.__acl__' now in addition to setting the attribute.

0.6.0b3 - 2012-03-17--------------------

- Have the automatic ``__tablename__`` and ``polymorphic_identity`` for CamelCase class names use underscores, so a class 'MyFancyDocument' gets a table name of 'my_fancy_documents' and a type of 'my_fancy_document'.

0.6.0b2 - 2012-03-16--------------------

- Make the 'item_type' attribute of AddForm optional. Fixes #41.

- ``kotti.util.title_to_name`` will now return a name with a maximum length of 40. Fixes #31.

Unfortunately, this change is backwards incompatible with existing content types (not with existing databases however). Updating your types to use Declarative is simple. See kotti_calendar for an example: https://github.com/dnouri/kotti_calendar/commit/509d46bd596ff338e0a88f481339882de72e49e0#diff-1

0.5.2 - 2012-03-10------------------

- A new 'Actions' menu makes copy, paste, delete and rename of items more accessible.

- Internationalize user interface. Add Portuguese as the first translation.

- A new 'Add' menu in the editor toolbar allows for a more intuitive adding of items in the CMS.

- Refine ``Node.copy``. No longer copy over local roles per default.

0.5.0 - 2012-02-15------------------

- Move Kotti's default user interface to use Twitter Bootstrap 2.

- Add a new 'File' content type.

- Add CSRF protection to some forms.

- Remove Kotti's ``FormController`` in favor of using ``pyramid_deform``.

- Use plone.i18n to normalize titles to URL parts.

- Add a separate navigation screen that replaces the former intelligent breadcrumbs menu.

- Use ``pyramid_beaker`` as the default session factory.

- Make ``kotti.messages.send_set_password`` a bit more flexible.

0.4.5 - 2012-01-19------------------

- Add 'kotti.security.has_permission' which may be used instead of 'pyramid.security.has_permission'.

The difference is that Kotti's version will set the "authorization context" to be the context that you pass to 'has_permission'. The effect is that 'list_groups' will return a more correct list of local roles, i.e. the groups in the given context instead of 'request.context'.

- Add a template ('forbidden.pt') for when user is logged in but still getting HTTPForbidden.

0.4.4 - 2012-01-05------------------

- The "Forbidden View" will no longer redirect clients that don't accept 'text/html' to the login form.

- Fix bug with 'kotti.site_title' setting.

0.4.3 - 2011-12-22------------------

- Add 'kotti.root_factory' setting which allows the override Kotti's default Pyramid *root factory*. Also, make master templates more robust so that a minimal root with '__parent__' and '__name__' can be rendered.

- The 'kotti.tests' was factored out. Tests should now import from 'kotti.testing'.

0.4.2 - 2011-12-20------------------

- More convenient overrides for add-on packages by better use of 'config.commit()'.

- Remove 'TemplateAPI.__getitem__' and instead add 'TemplateAPI.macro' which has a similar but less 'special' API.

- Factor snippets in 'kotti/templates/snippets.pt' out into their own templates. Use 'api.render_template' to render them instead of macros.

0.3.1 - 2011-12-09------------------

- Add 'keys' method to mutation dicts (see 0.3.0).

0.3.0 - 2011-11-30-------------------

- Replace `Node.__annotations__` in favor of an extended `Node.annotations`.

`Node.annotations` will attempt to not only recognize changes to subobjects of type dict, it will also handle list objects transparently. That is, changing arbitrary JSON structures should just work with regard to calling `node.annotations.changed()` when the structure was changed.

0.2.10 - 2011-11-22-------------------

- 'api.format_datetime' now also accepts a timestamp in addition to datetime.

0.2.9 - 2011-11-21------------------

- Remove MANIFEST.in in favour of using 'setuptools-git'.

0.2.8 - 2011-11-21------------------

- Remove 'PasteScript' dependency since that would result in spurious errors when installing Kotti. See http://jenkins.danielnouri.org/job/Kotti/42/TOXENV=py27/console

- Structural analysis documentation. (Unfinished; in 'analysis' directory during development. Will be moved to main docs when finished.)

0.2.6 - 2011-11-17------------------

- Add `Node.__annotations__` convenience attribute.

`Node.__annotations__` will wrap the annotations dict in such a way that both item and attribute access are possible. It'll also record changes to dicts inside dicts and mark the parent `__annotations__` attribute as dirty.

This change is backward incompatible in that existing content types in your code will need to subclass ``Content`` instead of ``Node``. The example in the docs has been updated. Also, the underlying database schema has changed.